system
1
So, apparently I got this from entering a website
the file regnxch1.exe located at the system folder is infected - I’ve tried the disabling restore system thing, but I dunno what to do next, I still can’t get rid of it!
When I try to delete or repair via avast it says it can’t process - and that the file is being used.
I don’t know what to do.
Calafalas
Eddy
2
Several options to deal with it:
-
Close the prog/process that is using that file, then let Avast take care of it.
-
Boot in safe mode then run Avast
-
When Avast detects it, enable “remove on next boot when needed”
system
3
Thank you - I don’t know which program is using that file, but I’ll try number 3.
system
4
okay - I tried number tree - didn’t work! 
How do I disable the program that is using the file? How do I know which program it is?
Eddy
5
You can get a free process viewer from here > http://www.teamcti.com/pview/prcview.htm That might show you the process you need to kill.
system
6
Hi,
what WIN do you have ?
Where exactly was the infected File found (full pathname and filename) ?
test the file with OnlineScanners e.g. from Trend & KAV (see below) to get a more specific name
(you need to temporarily disable AV-Resident Shields/Monitors to be able to scan the file online)
-remove the Virus/Malware and it’s system modifications according to VirusInfos
from Avast, VGREP, TrendMicro, Kaspersky;
you might also try searching for the virus name or filename with google
general removal procedure:
- disable system restore on Win ME/XP
- best reboot in SafeMode (F8-Boot)
- kill respective Backdoor/Trojan process with task manager (if it still exists in safe Mode)
- search for the file/process names in the registry; remove the malware’s startup entries in the registry
- disinfect or (if disinfection is not possible) delete the file; this may be possible only after a reboot
-Secure your system (change passwords, secure shares, install patches/updates for WIN, IE etc…)
-scan your whole system with updated avast and maybe a 2nd scanner ,e.g. TrendMicro to check whether your PC is clean 
- reenable system restore on Win ME/XP
if it’s of the trojan-gen kind: spybot, ad-aware and cwshredder might also help
if you still can’t remove it, you could post a logfile of Hijackthis here
see www.lurkhere.com ->nicefiles and www.lavasoft.de
Further Details and Links via the board search above 
system
7
oh dear! it all looks so complicated! :o
I’ll keep u updated